BRUSSELS – With the European Commission’s consultation on the Cybersecurity Act (CSA) closing tomorrow, the Business Software Alliance (BSA) is calling on EU policymakers to uphold the CSA’s core mission: strengthening Europe’s cybersecurity through technical excellence, cooperation, and trust. 

In its official submission, BSA warns that efforts to inject digital sovereignty criteria into technical certification schemes risk backfiring: raising costs, reducing choice, and undermining Europe’s digital resilience. 

“Good cybersecurity doesn’t come from where a company is headquartered, it comes from how well its systems are built and maintained,” said Hadrien Valembois, BSA’s Director of Policy for EMEA. “Europe’s focus should be on robust, risk-based standards, not artificial barriers that exclude trusted partners.” 

BSA’s members, leaders in cloud computing, AI, and enterprise software, already invest heavily in Europe: localizing data, hiring EU citizens, and meeting some of the world’s most stringent regulatory requirements. However, proposed sovereignty provisions, including ownership caps and localization mandates, could penalize these same firms without delivering meaningful gains in security. 

BSA is calling for a smarter path forward: one that empowers ENISA’s technical role, streamlines compliance across Member States, and keeps certification grounded in technical merit. 

“Europe can lead on cybersecurity by combining strong local capabilities with trusted global cooperation,” added Valembois. “True resilience comes from integration, not insulation.” 

Cybersecurity remains one of BSA’s core priorities in policy engagement across Europe and globally. Members develop technologies that secure digital infrastructure, enable trusted data flows, and support businesses and governments in responding to evolving cyber threats. A well-calibrated CSA is central to strengthening trust and resilience across the digital economy.